Fixed admin cert processing.

For KRA/OCSP installation with external certs, the installation tool has been modified to import the externaly-generated admin cert and also copy it to a location normally expected by admin. https://pagure.io/dogtagpki/issue/2901 Change-Id: Id18ec2b6b8b1c3f307af11e2acba7866b2b5ee75
dogtagpki · Jan 22, 2018 · 1127a63 · 1127a63
1 parent 249c323
commit 1127a63
Showing 1 changed file with 4 additions and 5 deletions.
diff --git a/base/server/python/pki/server/deployment/pkihelper.py b/base/server/python/pki/server/deployment/pkihelper.py
@@ -4328,7 +4328,7 @@ def set_admin_parameters(self, data):
         data.adminUID = self.mdict['pki_admin_uid']
         data.adminSubjectDN = self.mdict['pki_admin_subject_dn']
 
-        if self.standalone:
+        if self.standalone or self.external and self.subsystem in ['KRA', 'OCSP']:
             if not self.external_step_two:
                 # IMPORTANT:  ALWAYS set 'pki_import_admin_cert' FALSE for
                 #             Stand-alone PKI (Step 1)
@@ -4354,11 +4354,10 @@ def set_admin_parameters(self, data):
             finally:
                 client_nssdb.close()
 
-            if self.standalone:
-                # Stand-alone PKI (Step 2)
+            if self.standalone or self.external and self.subsystem in ['KRA', 'OCSP']:
+                # Stand-alone/External PKI (Step 2)
                 #
-                # Copy the Stand-alone PKI 'Admin Certificate'
-                # (that was previously generated via an external CA) into
+                # Copy the externally-issued admin certificate into
                 # 'ca_admin.cert' under the specified 'pki_client_dir'
                 # stripping the certificate HEADER/FOOTER prior to saving it.
                 imported_admin_cert = ""